computer security 101
TRANSCRIPT
Presentation Contents
1. Awareness test for audience2. Scenario related to security incident3. Definition of computer related term4. What to do in the event of attack5. Statistics on computer crime6. News related to computer security7. Laws and regulation related to computer
usage
3
Learning outcome
At the end of this talk, audience will
1. be aware of computer security risk at home and in the workplace
2. be able to identify common computer security issues
3. follow best computer security practice4. have the knowledge to handle computer
security incident
4
Scenario #1
Reference:https://goo.gl/2FWWAf 7
From: UPM Email Administrator [mailto:[email protected]]Sent: 12 May 2016 8:51amTo: [email protected]: Email Storage Warning
Dear Dr. Khairulmizam Samsudin,
Your mailbox is almost full.
Please reduce your mailbox size by email deletion. Click here to reduce size automatically
Scenario #1: Phising Attack
Definition: attempt to acquire sensitive information by masquerading as a trustworthy entity in electronic communication.Variation: bank account, monetary reward, over credit, using other communication medium, etc
Reference:https://goo.gl/lygRnT
Scenario #1: To do
14
To Do● Verify the URL address● Use HTTPS (if available)● Enable anti-virus
‘secure browsing’ feature
● Update OS and anti-virus regularly
99%18
of all computer security incidents involve human error - “IBM”
Reference:http://goo.gl/2cIkZc
This talk is not about...
How to…
● e-Punch from outside UPM?
● How to crack application or games?
● How to obtain password of protected WiFi?
● How to top-up SmartTAG for free?
● How to <illegal activity> ?
20
Law and Regulation1. Akta Jenayah Komputer 1997 (Akta 563)2. Akta Komunikasi dan Multimedia 1998 (Akta
588)3. Akta Harta Intelek (Paten dan Hakcipta)4. Arahan Teknologi Maklumat 2007 (Akta 680)5. Akta Perlindungan Data Peribadi 2010 (Akta
709)6. Kaedah-Kaedah Universiti Putra Malaysia
(Teknologi Maklumat Dan Komunikasi) 20137. Garis Panduan Keselamatan Teknologi
Maklumat dan Komunikasi (GPKTMK), UPM 201429
Awareness Test #1: Computer/Smartphone
1. I know how to install and uninstall software
2. I pay my utility bill online
3. I know how to configure WiFi
4. I know how to hook up all the computer cables
5. I can format and reinstall OS on my computer
33
Scenario #2: Hoax, Chain letter, Faxlore, etc
Definition: a message that attempts to convince the recipient to distribute copies of the letter and then pass them on to as many recipients as possible.Variation: children in need, petitions, false warnings, monetary rewards, urban legends, superstitions
Scenario #2: Law and Regulation
46
Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
Awareness Test #2: Security
1. I know how to scan for virus/malware
2. I password protect my computer/smartphone
3. I have 8 character password with 1 capital
letter, 1 symbol and 1 number
4. I update my computer OS and software frequently
5. I use a non-administrator user account on my
computer
48
[email protected] 49Reference:http://goo.gl/2JBIrc
Scenario #3: Law and Regulation (Cont…)
53
Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
Scenario #3: To do
54
To Do● Do not use the same password● Do not share password and be
sure no one watches ● Use ‘incognito’ mode if you
are using public computer● Lock or log off everytime ● Use biometric password (if
possible)● Update OS and anti-virus
regularly
News: Car hacking
… two researchers managed to take
control of an unaltered vehicle’s
electronically controlled subsystems
(radio, AC, wipers, transmission,
steering, even brakes) from afar,
using the Internet connection its
entertainment system makes through
Sprint’s cellular network … - “IEEE
Spectrum”
Definition: Computer Security in UPM
Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
InformationDefinition: Computer Security in UPM
Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
Scenario #4
Reference:https://goo.gl/2FWWAf 67
Ring ring ring...Caller: Hi Jenny, this is Smith from
Accounting Department. Can you email me the latest quaterly report?
Jenny: Ok...
Scenario #4
68
Ring ring ring...Caller: Hi Jenny, this is Smith from
Accounting Department. Can you email me the latest quaterly report?
Jenny: Ok...
Scenario #2: Social Engineering
Definition: an attack that relies heavily on human interaction and involves tricking people into breaking security procedures.Variation: call from IT, reset password, install a software, click a link, etc
Scenario #4: Law and Regulation
70
Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
Scenario #4: To do
71
● Slow down● Research the facts● Never provide confidential
information to unknown source (i.e. email)
● Beware of any downloads and links
● Update OS and anti-virus regularly
What to do if you are a victim?
73
1. Disconnect from network2. Inform online account
provider3. Report to authority4. Get help
99%of Malaysian use Facebook while on the throne
Reference:http://goo.gl/q20oWc
Scenario #5: Man-in-the-middle attack
76
Definition: an attacker secretly relays and alters the communication between two parties who believe they are directly communicating with each other..
Reference:http://goo.gl/22mq8V
Scenario #5: To do & Not to do
78
To Do● Avoid using public Wi-Fi
(if possible)● Avoid entering passwords
when using public Wi-Fi connections
● Use HTTPS or VPN if you need to enter passwords
Additional tips
80
● Only download from trusted sources
● Only install trusted software
● Use a decent web browser
